Remove transitive event-stream dependencies

[pr1sm]

Describe the bug
Looks like there was malicious code published downstream from the npm-run-all package. It looks like this was a hack targeting projects that had a crypto-currency peer package also installed, so I don' think this directly affects us. However, I definitely don't like the idea of malicious code possibly available through our dependency tree.

For more information, see dominictarr/event-stream#116 and mysticatea/npm-run-all#150

To Reproduce
Steps to reproduce the behavior:

1. Run npm ls event-stream flatmap-stream
2. Check if there are versions installed from that output (flatmap-stream@0.1.1 contains the malicious code, but I wouldn't trust versions that are higher as well)
3. If they are, we are affected

I get the following output

Expected behavior
We shouldn't have event-stream installed anywhere in our dependency tree.

Desktop (please complete the following information):

• OS: MWL
• Service: frontend
• Version: alpha

Additional context
The fix is pretty simple, it looks like npm-run-all has already put out a fixed version 4.1.5, so we just need to adjust our dependency for that

[pr1sm]

I've taken a look at the other packages we are using and here are the following screenshots
task-runner:

nebula-api:

discord-bot:

It looks like all packages are affected, but to varying degrees. The problem for all stems from nodemon's dependency tree (remy/nodemon#1469 looks like it's tracking the removal of the malicious code from that dependency).

task-runner is the most affected since it contains a version with the potentially malicious code, discord-bot is next because the version of event-stream is bad even though the flatmap-stream version is before the malicious version, and nebula-api looks like it has a version of event-stream that doesn't include the malicious code at all.

For all three of these, we should wait until nodemon gets updated, then update that dependency as well.